Nadia Fahim-Koster, MBA, CHPS, CISSP, Information Security Director, Piedmont Healthcare, Atlanta, and Cliff Baker, PricewaterhouseCoopers, describe the OIG Security Audit of Piedmont, lessons learned, and the related CMS Security Audits. Since the HIPAA Security Rule is enforced by CMS, not OIG, the rule provides CMS with broad discretion over enforcement decisions based on provider cooperation and commitment to information security. The purpose of the OIG audit was to assess CMS enforcement of the Security Rule by auditing provider compliance. The Final Report will be issued to CMS and will likely not be public.